Essentials in a Borderless World: United States and European Union Perspectives Kenneth Slade Senior Partner, Hale and Dorr LLP Boston, Massachusetts, USA Essentials in a Borderless World Cyberjaya, Malaysia October 27, 2000 United States and European Union Perspective
Overview • • Domain name problems Enforceability of click-and-accept agreements Cross-border jurisdiction issues Internet Service Provider (ISP) liability and safe harbors against copyright infringement suits • Impact of EU E-Commerce and Related Directives • Linking problems: deep linking, spidering and web crawling October 27, 2000 United States and European Union Perspective 2
Domain Name Problems October 27, 2000 United States and European Union Perspective 3
International Domain Name Overview • In the United States, enactment of Anticybersquatting Consumer Protection Act • Internationally, implementation of ICANN Uniform Dispute Resolution Policy • Still problems in this area, despite these efforts to reform system October 27, 2000 United States and European Union Perspective 4
U. S. Anticybersquatting Consumer Protection Act • Signed into law November 29, 1999 • Permits action vs. domain name registrant purely on the basis of registration, without use and without effect on well-known trademark • Provides basis for attacking domain name which is “identical or confusingly similar” to protected trademark or name of living person • Domain name registrant must have “bad faith intent to profit” October 27, 2000 United States and European Union Perspective 5
Anticybersquatting Consumer Protection Act: Remedies • If a domain name has been registered improperly, it may be canceled or forfeited to rightful owner • Courts may award, at plaintiff’s election, either actual damages or statutory damages up to US$100, 000 per domain name October 27, 2000 United States and European Union Perspective 6
ICANN Dispute Resolution Policy • New Uniform Domain Name Dispute Resolution Policy adopted by principal U. S. and international domain name registrars • Part of agreement every registrant must accept prior to obtaining a domain name • Policy permits trademark owner to bring arbitration against registrant of domain name that is identical or confusingly similar to trademark if registrant has registered the domain name in bad faith October 27, 2000 United States and European Union Perspective 7
ICANN Arbitrations • World Intellectual Property Organization (WIPO), National Arbitration Forum, Disputes. org/e. Resolution Consortium and CPR Institute for Dispute Resolution approved to act as arbiters • Sole remedy is to cancel registration or transfer it to trademark owner • Streamlined procedure: – designed to be conducted by E-Mail – takes less than 60 days – no discovery October 27, 2000 United States and European Union Perspective 8
Remaining Problems • Someone other than the trademark owner who is legitimately using the trademark as a domain name (e. g. , a distributor) can continue to do so (Weber-Stephens case) • Registrations of well-known domain name in another country without bad faith are still valid (e. g. , amazon. gr) October 27, 2000 United States and European Union Perspective 9
Remaining Problems • “Sucks. com” web sites might be difficult to shut down in certain circumstances – where the operator of the web site is not demanding compensation for transferring the domain name back to the trademark owner – where the court considers the web site to be a parody, or protected U. S. First Amendment speech – where the web site is not “likely to cause confusion” October 27, 2000 United States and European Union Perspective 10
Enforceability of Click-and. Accept Agreements October 27, 2000 United States and European Union Perspective 11
Why use end-user agreements at all? • Disclaim implied warranties • Limit direct damages to purchase price of product • Exclude indirect damages • Choice of law; choice of dispute resolution; choice of forum • Limit uses (e. g. , only for internal purposes; not to be used to conduct service bureau for benefit of third parties; etc. ) • Prohibit decompilation and reverse engineering • Protect non-copyrighted material October 27, 2000 United States and European Union Perspective 12
Enforceability of Shrinkwrap Agreements • First used for mass-market software • No signature: use of software = assent • Shrinkwrap agreements validated in Pro CD v. Zeidenberg (7 th Cir. 1996) if – their terms are “commercially reasonable” and not otherwise unconscionable or subject to any other defense available under contract law; – user has right to reject terms upon opening package and to receive a full refund; – rejected argument that all terms must be printed on the outside of the product packaging. October 27, 2000 United States and European Union Perspective 13
Enforceability of Click-and-Accept Agreements • In Groff v. America Online, Inc. , Groff sues over unavailability of AOL service, due to load problems • AOL seeks summary judgment, arguing that forum selection clause in click-and-accept agreement requires litigation to be brought in Virginia • Court finds that Groff effectively “signed” the click-and-accept agreement by clicking on “I agree” button “not once, but twice” October 27, 2000 United States and European Union Perspective 14
Current Status of Shrinkwrap Agreements, based on current statutes and advice of foreign counsel • Likely to Be Enforced: U. S. , Canada, France, Italy, Spain, Netherlands, Scandinavia, Brazil, Saudi Arabia, Hong Kong • Likely to Be Enforced, Subject to Consumer Protection Laws: Mexico, Argentina, Chile • Less Certain: Japan and Korea October 27, 2000 • Unlikely to Be Enforced: Germany, United Kingdom, Australia (? ), China -- yet still worth trying • Click-and-accept should be easier to enforce (licensee sees terms before accepts) -- but still not likely to be enforced in China United States and European Union Perspective 15
Special Issues Affecting International Enforceability • Translate terms into local language • Comply with localization requirements – Spain: all packaging in Spanish – France: documentation and on-line help in French • Variations in consumer warranty requirements • Most consumer protection laws will ignore consumer’s acceptance of choice of law and dispute resolution provisions which choose a foreign law or forum – Japan (? ), the Netherlands, Norway and the United Kingdom (? ) are the exceptions October 27, 2000 United States and European Union Perspective 16
Terms of Use Not Necessarily Binding • According to the recent Ticketmaster case, posting terms on the bottom of the first page of a web site does not make those terms legally enforceable against users of that web site – users were not required to assent to those terms, or even to read them • For those terms to constitute a legally-binding contract, the web site operator must show that users knew or should have known that acceptance of those terms was a condition for using the web site – for example -- a “click-and-accept” on registration, download or ordering October 27, 2000 United States and European Union Perspective 17
Cross-Border Jurisdiction Issues October 27, 2000 United States and European Union Perspective 18
Developments in U. S. Jurisdictional Law • Each U. S. state and federal district may have different rules • Some initial decisions have found that a website alone justifies jurisdiction, while other decisions have required more • American Bar Association is trying to propose standardized guidelines October 27, 2000 United States and European Union Perspective 19
European Commission Approach • Different countries have different rules on jurisdiction • Council of Ministers working group is in process of revising 1968 Brussels Convention on Jurisdiction – Article 15 would say that a company which directs its activities to another EU country can be sued in that country October 27, 2000 United States and European Union Perspective 20
European Commission Approach – since e-commerce could be considered to be directed at all 15 EU countries, in theory an e-commerce company could be sued in all 15 countries – counterarguments to being directed to other countries • passive website only • certain languages only • disclaimers that products not offered in particular countries October 27, 2000 United States and European Union Perspective 21
European Commission Approach • European Commission is also considering changes to Rome Convention on Non. Contractual Obligations, which governs such things as defamation and unfair competition – jurisdiction would exist where impact is felt – could subject an e-commerce company to jurisdiction of all EU countries • Business community concerned because European Commission approach seems heavily pro-consumer October 27, 2000 United States and European Union Perspective 22
Internet Service Provider (ISP) Liability and Safe Harbors against Copyright Infringement Suits October 27, 2000 United States and European Union Perspective 23
U. S. -- Communications Decency Act of 1996 • Old rule: carrier may become a publisher by editing content, and thus could be liable for knowingly or negligently distributing defamatory material • New rule: "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. " (47 USC 230 (c)(1)) • Policy rationale: – impossible for ISP to screen all postings – don’t discourage ISPs from self-policing; continue tradition of minimal government regulation of Internet October 27, 2000 United States and European Union Perspective 24
Zeran v. America Online, Inc. 129 F. 3 rd 327 (4 th Cir. 1997) • If computer service providers were subject to distributor liability, they would face potential liability each time they receive notice of a potentially defamatory statement -- from any party, concerning any message. Each notification would require a careful yet rapid investigation of the circumstances surrounding the posted information, a legal judgment concerning the information’s defamatory character, and an on-the-spot editorial decision whether to risk liability by allowing the continued publication of that information. Although this might be possible for the traditional publisher, the sheer number of postings on interactive computer services would create an impossible burden in the Internet context. October 27, 2000 United States and European Union Perspective 25
U. S. -- Digital Millennium Copyright Act of 1998 (“DMCA”) • Creates 4 safe harbors for ISPs from copyright infringement actions – in addition to other defenses under copyright and other laws • “Online service provider” or OSP defined broadly - a provider of online services or network access, or the operators of facilities therefor -- do not need to be in the business of providing online services October 27, 2000 United States and European Union Perspective 26
DMCA Safe Harbors • Storing material at request of User • Referring Users to material at another location • System caching, where OSP makes temporary copy for delivery to subsequent users (applies to both material placed on line by someone other than OSP (“Originator”) and material transmitted by Originator through OSP to User) • Acting as conduit for material travelling between other parties October 27, 2000 United States and European Union Perspective 27
Notice and Take-Down Provisions • OSP must designate, to U. S. Copyright Office and on its service, contact information • Notice from copyright owner must be in writing, signed, include specified info. • Upon receiving such a notice, OSP must act expeditiously to remove/block access to allegedly infringing material • OSP exempt from liability when it in good faith removes or blocks access to material October 27, 2000 United States and European Union Perspective 28
Notice and Pullback Provisions • OSP must take additional steps to protect content provider, which may lead to putting material back in system • OSP must take reasonable steps to notify content provider, who in turn may send “counter notification” • OSP must provide copy of counter notification to copyright owner that sent original notice • Unless copyright owner notifies OSP that it has filed an action to restrain the alleged infringement, OSP must replace or unblock the material within 10 -14 days of receiving the counter notification October 27, 2000 United States and European Union Perspective 29
Cases Holding ISPs Liable • UK: Godfrey v. Demon Internet – Posting of defamatory messages on bulletin board – ISP had notice by victim – ISP was liable for not taking messages down • Germany: Hit Box v. AOL – Downloading of pirated music over AOL – AOL was liable if it could/should have known of illegal content and did not block access October 27, 2000 United States and European Union Perspective 30
EU E-Commerce Directive • No liability for ISPs who play a passive role with respect to illegal information from 3 rd parties: – Mere conduits (transmission) – Caching – Hosting (w/o actual knowledge) • No obligation to monitor – however, once ISP learns that particular content is illegal, ISP must block access to such content • Have not dealt with copyright infringement problem addressed by DMCA October 27, 2000 United States and European Union Perspective 31
Impact of EU E-Commerce and Related Directives October 27, 2000 United States and European Union Perspective 32
EU Directives • Directive on Data Protection (October 15, 1995) • Long Distance Selling Directive (May 20, 1997) • Long Distance Selling of Financial Services (proposed November 19, 1998) • E-Commerce Directive (June 8, 2000) • Digital Signature Directive (December 13, 1999) October 27, 2000 United States and European Union Perspective 33
EU Data Protection Directive • Effective on October 15, 1995; had to be transformed into national law by October 15, 1998 • Establishes legal principles for privacy protection and free flow of data within the EU • Principles are both a minimum and a maximum • Prohibits the transfer of personal data from EU countries to any countries which do not have “adequate” data protection laws – in other words, the United States October 27, 2000 United States and European Union Perspective 34
EU Rights of the Data Subject • Right to be informed of the purposes of collection, intended recipients, and data subject's rights, at the time of collection. • Right to obtain a copy of data about oneself. • Right to obtain corrections, erasure or blocking of data processed in violation of the Directive. • Appropriate security safeguards must be adopted by controllers of data. • Data cannot kept in identified form for longer than necessary for those purposes. October 27, 2000 United States and European Union Perspective 35
US-EU Safe Harbor Guidelines: Seven Privacy Principles • NOTICE: state why the information is collected • CHOICE: individuals must be allowed to opt-out of purposes other than purpose for which data was originally collected • ONWARD TRANSFER: personal information may be transferred to third party only if such transfer is necessary for the original purpose and the third party agrees to comply with the safe harbor principles • SECURITY: take reasonable precautions to protect vs. loss, misuse and unauthorized access, disclosure, alteration and destruction October 27, 2000 United States and European Union Perspective 36
US-EU Safe Harbor Guidelines: Seven Privacy Principles • DATA INTEGRITY: take reasonable steps to ensure that data is reliable for intended use, accurate, complete and current • ACCESS: individuals must have access to their data to ensure accuracy • ENFORCEMENT: opportunity to pursue complaints and disputes • Companies must provide enforcement mechanisms by: – complying with private-sector self-regulatory programs; – complying with applicable privacy law or regulation for enforcement; OR – committing to cooperate with EU data privacy protection authorities October 27, 2000 United States and European Union Perspective 37
Long Distance Selling Directive • Applies to Internet consumer transactions • Seller has to provide information before conclusion of agreement • EU law now gives consumers entering into electronic contracts through web sites a “right of withdrawal” for at least 7 working days – that period is measured from their receipt of a written confirmation containing various information – if the web site operator does not provide such confirmation, this right of withdrawal can last up to three months October 27, 2000 United States and European Union Perspective 38
Long Distance Selling of Financial Services (proposed) • Banking, insurance, investing and payment • Right to revoke (14 -30 days) except: – foreign exchange services/securities and the like – non-life insurance less than 1 month – fully completed contracts • Mandatory National law October 27, 2000 United States and European Union Perspective 39
E-Commerce Directive • To be adopted in national law by January 17, 2002 • Identification of providers of Information Society services • Senders of unsolicited commercial e-mail (spamming) need to be identified • Electronic contracts must be recognized – EU Member States must remove any prohibitions or restrictions on use of electronic contracts • No liability of service providers for “mere conduit”, caching and hosting • Codes of conduct/out of court dispute settlement etc. October 27, 2000 United States and European Union Perspective 40
Electronic Signature Directive • Legal recognition of digital signatures that meet specific requirements • Minimum liability for certification services • Technology neutral (encryption, biometrics) October 27, 2000 United States and European Union Perspective 41
While We Are on the Subject: U. S. Digital Signature Legislation • Federal: E-Sign Act (2000) – electronic signatures, contracts and records shall have the same effect as written signatures, contracts and records – electronic documents may be substituted for any document required to be provided to consumers “in writing”, if consumer consents – records may be retained in electronic form. • State: Uniform Electronic Transactions Act (UETA) October 27, 2000 United States and European Union Perspective 42
Linking Problems: Deep Linking, Spidering and Web Crawling October 27, 2000 United States and European Union Perspective 43
Clearly Prohibited Practices • Linking to material which you know to be infringing on the copyrights of a third party can subject the linker to liability for copyright infringement (Utah Lighthouse Ministry case) • Linking to a web site engaging in criminal activities can subject the linking party to criminal liability for aiding and abetting those activities (Japanese pornography case) • Framing another site’s content within your own site “detracts from persona of the linked site” and constitutes an unfair trade practice (US: Total News; UK: Shetland Times) October 27, 2000 United States and European Union Perspective 44
Deep Linking • Linking to pages “deep” within the linked site, bypassing home page and advertising • Deep linking was upheld in Ticketmaster Corp. v. Tickets. com, Inc. case – not copyright infringement (not copying, just transferring) – not violation of terms of use, unless linked site can show that linking party accepted those terms – not unfair competition, as long as there is no attempt to mislead users about source of linked information/goods/services • Similar result in Dutch case (PCM v. Kranten. com) October 27, 2000 United States and European Union Perspective 45
Spidering • Use of “spiders, ” “bots” or other automated means to derive information from publicly-accessible web sites • e. Bay, Inc. v. Bidder’s Edge, Inc. : use of automated means to collect data from auction site for other purposes constitutes cybertrespass – violation of e. Bay’s right to exclude others from its computer systems October 27, 2000 United States and European Union Perspective 46
Web Crawling • Monitoring of web sites for various reasons – confirming compliance with contractual commitments (e. g. , affiliate networks) – checking pricing of competitors • unlike spidering, not collecting data and presenting that data for other purposes • Unclear area of law, so take precautions – obtain consent of monitored party – only monitor sites whose terms of use do not prohibit such use • under Ticketmaster case, when are those terms binding? click-and-accept? simple posting? – seek indemnification from company offering web crawling services October 27, 2000 United States and European Union Perspective 47
Conclusion • There is a great deal of overlap in terms of the issues which courts, legislators and regulators in the US and EU are attempting to address (e. g. , domain names, click-and-accept agreements, jurisdiction, privacy, ISP liability, digital signatures, linking) • The results of those efforts are not always consistent • At the same time, given the borderless nature of the Internet, web companies need to comply with all of these laws -- an increasingly complex and difficult task! October 27, 2000 United States and European Union Perspective 48
For Further Information • Subscribe to Hale and Dorr Internet Alerts at www. haledorr. com/internet_law/e_alerts. html • Contact Ken Slade – – kenneth. slade@haledorr. com telephone: 1 -617 -526 -6184 fax: 1 -617 -526 -5000 mailing address: • 60 State Street • Boston Massachusetts 02109 • USA October 27, 2000 United States and European Union Perspective 49
Скачать презентацию Essentials in a Borderless World United States and
1b43915d29f84d16a729e1936fa8df90.ppt